3 files changed +29 -8 lines changed
uncoder-core/app/translator/mappings/platforms/qradar
@@ -2,9 +2,26 @@ platform: Qradar
22source : default
33description : Text that describe current mapping
44
5- log_source :
6- devicetype :
7- - 12
85
96default_log_source :
10- devicetype : 12
7+ devicetype : 12
8+
9+
10+ field_mapping :
11+ icmp.type : IcmpType
12+ dst-port :
13+ - DstPort
14+ - DestinationPort
15+ dst-hostname : DstHost
16+ src-port : SourcePort
17+ src-ip :
18+ - sourceip
19+ - source_ip
20+ - SourceIP
21+ dst-ip :
22+ - DestinationIP
23+ - destinationip
24+ - destination_ip
25+ User : userName
26+ CommandLine : Command
27+ Protocol : IPProtocol
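Review bot: the `description` context line at the top of this hunk (`Text that describe current mapping`) is still the template placeholder, yet the hunk turns this file into the shared default mapping by adding a `field_mapping` block with the src/dst IP, port and process fields; replace the placeholder with a sentence that says so, e.g. `description: Default QRadar field mapping used when no log-source-specific mapping applies`. Two further points on the same hunk: the `log_source:` / `devicetype:` / `- 12` block is deleted while `default_log_source: devicetype: 12` stays, so confirm the mapping loader accepts a file without `log_source` (the linux_auditd file in this same commit keeps its `log_source: devicetype: [11]`); and `User : userName` uses a different casing from `User : username` in the other two files touched here, which matters if the target field name is emitted verbatim into the query. The two empty `+` lines between `default_log_source` and `field_mapping` are stray whitespace.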
11platform : Qradar
22source : linux_auditd
3- description : Auditd field mappings to QRadar default CEPs.
3+ description : Text that describe current mapping
44
55log_source :
66 devicetype : [11]
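Review bot: the `description` change in this hunk is a regression: the meaningful `Auditd field mappings to QRadar default CEPs.` is replaced with the placeholder `Text that describe current mapping`. Keep the original sentence (extend it if the new `CommandLine` targets need explaining); the placeholder belongs only in a freshly generated template.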
@@ -14,8 +14,10 @@ field_mapping:
1414 a2 : Command
1515 a3 : Command
1616 exe : Process Path
17- CommandLine : Command
17+ CommandLine :
18+ - Process CommandLine
19+ - Command
1820 Image : Process Path
1921 User : username
2022 LogonId : Logon ID
21- ParentImage : Parent Process Path
23+ ParentImage : Parent Process Path
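Review bot: `CommandLine` now maps to a list (`Process CommandLine`, `Command`), so the translator has to emit an OR across both target fields for this key; confirm list targets are handled here as they are for the `src-ip`/`dst-ip` lists in the default mapping, and note in the description which of the two is the custom event property and which the built-in column, since `Process CommandLine` contains a space and will need quoting in AQL like the existing `Process Path` and `Logon ID`. The context lines `a2 : Command` and `a3 : Command` still map to the single target, so a rule on `CommandLine` and a rule on `a2` no longer produce the same QRadar condition; if that is intended it deserves a comment. The `ParentImage` line is deleted and re-added with identical text, which looks like a trailing-newline change only.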
@@ -14,4 +14,6 @@ field_mapping:
1414 CommandLine : Command
1515 Image : Process Path
1616 ParentCommandLine : Parent Command
17- ParentImage : Parent Process Path
17+ ParentImage : Parent Process Path
18+ User : username
19+ LogonId : Logon ID
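Review bot: the added `User : username` and `LogonId : Logon ID` repeat the same two lines that sit in the linux_auditd mapping in this commit, while the default mapping added in the first file already carries a `User` entry spelled `userName`. If the loader falls back to the default mapping for keys a per-source file does not define, move the shared pairs there instead of copying them; otherwise at least align the casing so the three files agree on `username`. As in the previous file, the `ParentImage` delete/re-add with identical text is a whitespace-only change.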